Configuring Secure Socket Layer (SSL)

Terminology

ProCurve

Switch

1. Switch-to-Client SSL Cert.

SSL Client Browser

(SSL

 

2. User-to-Switch (login password and

 

 

enable password authentication)

 

Server)

 

options:

 

Local

TACACS+

RADIUS

Figure 7-1.

Switch/User Authentication

 

 

SSL on the switches covered in this guide supports these data encryption

 

 

methods:

 

 

3DES (168-bit, 112 Effective)

 

 

DES (56-bit)

 

 

RC4 (40-bit, 128-bit)

 

 

 

N o t e :

 

ProCurve Switches use RSA public key algorithms and Diffie-Hellman, and all

references to a key mean keys generated using these algorithms unless otherwise noted

Terminology

SSL Server: An ProCurve switch with SSL enabled.

Key Pair: Public/private pair of RSA keys generated by switch, of which public portion makes up part of server host certificate and private portion is stored in switch flash (not user accessible).

Digital Certificate: A certificate is an electronic “passport” that is used to establish the credentials of the subject to which the certificate was issued. Information contained within the certificate includes: name of the subject, serial number, date of validity, subject's public key, and the digital signature of the authority who issued the certificate. Certificates on ProCurve switches conform to the X.509v3 standard, which defines the format of the certificate.

Self-Signed Certificate: A certificate not verified by a third-party certificate authority (CA). Self-signed certificates provide a reduced level of security compared to a CA-signed certificate.

CA-Signed Certificate: A certificate verified by a third party certificate authority (CA). Authenticity of CA-Signed certificates can be verified by an audit trail leading to a trusted root certificate.

7-3